Saturday, March 03, 2007

A Security Minded Linkfest

Some things you might want to make a note of...

Wordpress version 2.1.1 Compromised

Wordpress 2.1.1 Dangerous, Upgrade - If any of you out there are using Wordpress to host/manage your blog on your own server, AND you recently upgraded to version 2.1.1...do not pass "Go", do not collect $200. Go immediately and upgrade to version 2.1.2 right now. I'll wait.

Done? Good!

Seems someone gained user-level access to a server used by Wordpress.org and used it to tamper with the 2.1.1 download. Impact? According to Wordpress, the scoundrel "...modified two files in WP to include code that would allow for remote PHP execution." A trojaned copy reports the same version number as a clean one, so you cannot tell from your install whether you downloaded v2.1.1 before or after the tampering. Be safe and move on up to v2.1.2.

Wordpress has locked down the server for forensics and reset passwords for users with certain types of access. They also say they are adding monitoring of the integrity of the files they offer for download.

There are a number of tools that let, um, "security-minded" folks sniff Wi-Fi traffic straight out of the air. The article also mentions a new one from Errata Security called Ferret (currently a proof-of-concept release).

So Sid, a Securiteam blogger, has a (British) ISP he has been happy with.

Then a bored friend of said blogger runs nmap against the blogger's IP address, finds a listening port, and (kindly) tells him about it.

Dude is surprised, since he didn't know his router offered that...telnets in using the default, never-changed credentials. Yep. It's there. So he changes the password via the router's web interface.

Then he telnets back into the router and pokes around. Finds four other accounts on the box. Cleverly finds the configuration file, which contains the accounts and their unencrypted passwords. Yikes!

Dude cleans house.

Now he is curious. Nmaps the ISP's address range to find other customers likely running the same router. Snagged.

FTPs to those IPs and grabs the configuration .ini file, plaintext passwords and all. Oh no.

Another dude does the same thing on a grander scale and reports finding 14716 "potentially" vulnerable routers supplied by said ISP.

Dude contacts the ISP and cleans up his post to remove the IPs and passwords he had posted (good idea).
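The self-check this story begs for, as an added example (not code from the post or from anyone involved): from outside your own network, probe your router's public address for management services and record any banner they volunteer. Telnet or FTP answering on the WAN side is exactly the condition the story's router was in. The port list and service names are my assumptions; demo_local() stands up a constructed local listener so the whole thing runs offline; and the code is meant only for hosts you own.

```python
"""Added example: check a host for exposed management services.

Hypothetical helper, not a tool from the post. probe_port() opens a TCP
connection with a short timeout and records whatever banner the service
sends unprompted; exposed_services() does that for a list of ports. Point it
only at hosts you own.
"""
import socket
import threading

# Assumed port list: the two plaintext admin protocols from the story plus the
# other remote-management ports a home router commonly exposes.
MANAGEMENT_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http", 443: "https", 8080: "http-alt"}


def probe_port(host, port, timeout=2.0):
    """Return (is_open, banner) for one TCP port.

    banner is the first line the service sends on its own (decoded, stripped),
    or '' if nothing arrives before the timeout. Closed or filtered ports give
    (False, '').
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                data = sock.recv(256)
            except OSError:  # includes socket.timeout: a silent service
                data = b""
            lines = data.decode("ascii", errors="replace").splitlines()
            return True, (lines[0].strip() if lines else "")
    except OSError:  # refused, unreachable or connect timeout
        return False, ""


def exposed_services(host, ports=MANAGEMENT_PORTS, timeout=2.0):
    """Map each open port on host to its assumed service name and banner."""
    found = {}
    for port in sorted(ports):
        is_open, banner = probe_port(host, port, timeout)
        if is_open:
            found[port] = {"service": ports[port], "banner": banner}
    return found


def plaintext_admin_ports(found):
    """Ports from exposed_services() that grant admin access with no transport
    encryption at all (telnet and FTP): the condition the story's router was in."""
    return sorted(p for p, info in found.items() if info["service"] in ("telnet", "ftp"))


def demo_local(banner=b"220 constructed-router FTP server ready\r\n"):
    """Offline demonstration: a local listener stands in for a router's FTP
    daemon and is then closed, so the same port is probed open and closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port; constructed test service
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)

    worker = threading.Thread(target=serve_once, daemon=True)
    worker.start()
    while_open = probe_port("127.0.0.1", port)
    worker.join(timeout=5)
    srv.close()
    after_close = probe_port("127.0.0.1", port)
    return {"port": port, "open": while_open, "closed": after_close}


if __name__ == "__main__":
    print(demo_local())
```

Run it from a host outside your own LAN (a friend's connection, as in the story), because the router may answer on its LAN side but not its WAN side, or the other way round. Anything in plaintext_admin_ports() is worth disabling or firewalling, not just re-passwording: the story's routers handed the config file, credentials included, to anyone who could reach FTP.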
